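/// <summary>
/// Returns the object id of the Azure AD group with the given display name,
/// creating the group when no group with that name is found.
/// </summary>
/// <param name="groupName">Display name of the group; also used verbatim as its mail nickname.</param>
/// <returns>The object id of the existing or newly created group.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="groupName"/> is null or whitespace.</exception>
private async Task<string> EnsureAzureADGroupExists(string groupName)
{
    // Guard early: an empty display name would otherwise be sent to Graph as a create request.
    if (string.IsNullOrWhiteSpace(groupName))
    {
        throw new ArgumentException("Group name must not be null or whitespace.", nameof(groupName));
    }

    var client = RestClient
        .Configure()
        .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.None)
        .WithCredentials(_authenticationHelper.GetAzureCrendentials())
        .Build();
    var graphRbacManager = new GraphRbacManager(client, _appSettings.TenantId);

    // NOTE(review): the lookup is by display name, which Azure AD does not enforce as unique.
    // If another group already carries this display name, its id is returned here and any
    // role the caller later assigns lands on that group's members. Confirm the name is
    // controlled by this application before relying on this id for authorization decisions.
    IActiveDirectoryGroup existing = await graphRbacManager.Groups.GetByNameAsync(groupName);
    if (existing != null)
    {
        return existing.Id;
    }

    // No match: create the group. MailNickname reuses the display name, as the original did;
    // Graph may reject names that are not valid mail nicknames.
    var parameters = new GroupCreateParameters
    {
        DisplayName = groupName,
        MailNickname = groupName,
    };
    ADGroupInner created = await graphRbacManager.Groups.Inner.CreateAsync(parameters);
    return created.ObjectId;
}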
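/// <summary>
/// Assigns the role <paramref name="roleId"/> to <paramref name="principalId"/> at the scope
/// <paramref name="resourceGroupId"/>, unless an assignment with the same principal and role
/// already exists at that scope.
/// </summary>
/// <param name="resourceGroupId">Resource id used verbatim as the assignment scope.</param>
/// <param name="roleId">Role definition GUID; it is expanded to a subscription-level role definition id.</param>
/// <param name="principalId">Object id of the user, group or service principal that receives the role.</param>
/// <returns>A task that completes once the assignment exists.</returns>
/// <exception cref="ArgumentException">
/// Thrown when any argument is null or whitespace, or when <paramref name="roleId"/> is not a GUID.
/// </exception>
public async Task AssignRoles(string resourceGroupId, string roleId, string principalId)
{
    if (string.IsNullOrWhiteSpace(resourceGroupId))
    {
        throw new ArgumentException("Scope must not be null or whitespace.", nameof(resourceGroupId));
    }
    if (string.IsNullOrWhiteSpace(principalId))
    {
        throw new ArgumentException("Principal id must not be null or whitespace.", nameof(principalId));
    }
    // roleId is spliced into an ARM resource id below; requiring a GUID keeps a caller-supplied
    // value from altering the path (e.g. a '/' would change which resource is referenced).
    if (!Guid.TryParse(roleId, out _))
    {
        throw new ArgumentException("Role id must be a role definition GUID.", nameof(roleId));
    }

    var authenticated = Azure
        .Configure()
        .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
        .Authenticate(_authenticationHelper.GetAzureCrendentials())
        .WithSubscription(_appSettings.Subscriptionid);

    string roleDefinitionId =
        $"/subscriptions/{_appSettings.Subscriptionid}/providers/Microsoft.Authorization/roleDefinitions/{roleId}";

    // Compare ids case-insensitively: ARM ids and GUIDs are not guaranteed to come back in the
    // casing we built locally, and an ordinal miss would attempt a duplicate assignment.
    // A null listing is treated as "no assignments" rather than silently skipping the create,
    // which is what the previous null check did.
    var existingAssignments = await authenticated.AccessManagement.RoleAssignments.ListByScopeAsync(resourceGroupId);
    bool alreadyAssigned = existingAssignments != null && existingAssignments.Any(assignment =>
        string.Equals(assignment.PrincipalId, principalId, StringComparison.OrdinalIgnoreCase)
        && string.Equals(assignment.RoleDefinitionId, roleDefinitionId, StringComparison.OrdinalIgnoreCase));

    if (alreadyAssigned)
    {
        return;
    }

    await authenticated.AccessManagement.RoleAssignments
        .Define(SdkContext.RandomGuid())
        .ForObjectId(principalId)
        .WithRoleDefinition(roleDefinitionId)
        .WithScope(resourceGroupId)
        .CreateAsync();
}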